Enable the krb5_store_password_if_offline option in sssd.conf by
default. To turn it off, use --no-krb5-offline-passwords option in
ipa-client-install.
https://fedorahosted.org/freeipa/ticket/1359
Honza
--
Jan Cholasta
>From 7cd7a371fa85410f2dd22250ed9473a6a28ab71e Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 28 Jun 2011 14:19:51 +0200
Subject: [PATCH] Configure SSSD to store user password if offline.
ticket 1359
---
ipa-client/ipa-install/ipa-client-install |4
ipa-client/man/ipa-client-install.1 |3 +++
2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 884dd21..6bdeb87 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -90,6 +90,8 @@ def parse_options():
help="The hostname of this server (FQDN). By default of nodename from uname(2) is used.")
parser.add_option("", "--enable-dns-updates", dest="dns_updates", action="store_true", default=False,
help="Configures the machine to attempt dns updates when the ip address changes.")
+parser.add_option("--no-krb5-offline-passwords", dest="krb5_offline_passwords", action="store_false",
+ help="Configure SSSD not to store user password when the server is offline", default=True)
options, args = parser.parse_args()
safe_opts = parser.get_safe_opts(options)
@@ -550,6 +552,8 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
if options.dns_updates:
domain.set_option('ipa_dyndns_update', True)
+if options.krb5_offline_passwords:
+domain.set_option('krb5_store_password_if_offline', True)
domain.set_active(True)
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 40d53a8..e689177 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -81,6 +81,9 @@ The hostname of this server (FQDN). By default of nodename from uname(2) is used
.TP
\fB\-\-enable\-dns\-updates\fR
This option tells SSSD to automatically update DNS with the IP address of this client.
+.TP
+\fB\-\-no\-krb5\-offline\-passwords\fR
+Configure SSSD not to store user password when the server is offline.
.SH "EXIT STATUS"
0 if the installation was successful
--
1.7.4.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel